EFFECTIVE DATE: 3/9/2022
COLLECTING INFORMATION ABOUT YOU
We collect the following categories and types of personal information:
- Contact Information: we use contact forms to allow you to inquire about volunteering or to generally communicate with us. When you fill out that form, we collect your first and last name, email address, and phone number.
- Other identifying information: when you visit our website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone. And some of the cookies that are installed on your device. Additionally, as you browse the website we may collect information the individual web pages you view and information about how you interact with the site. We collect this information using “Cookies”,
Cookies are data files placed on your device or computer and often include an anonymous unique identifier. A session cookie expires immediately when you end your session (i.e., close your browser). A persistent cookie stores information on the hard drive so when you end your session and return to the same web site at a later date the cookie information is still available.
WHO WE SHARE YOUR DATA WITH
Your data will not be shared outside of our organization without prior, written or electronic consent.
If you fill in our contact form and/or leave a comment on our website, the comment and its metadata are retained indefinitely.
RIGHTS YOU HAVE ABOUT YOUR DATA
You may request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
WHERE WE SEND YOUR DATA
Visitor comments may be checked through an automated spam detection service. We may also use some automation tools such as Zapier to move data from our website into other systems we use for marketing and customer satisfaction such as MailChimp or Hubspot CRM.
If you have questions or comments about this policy, you may email us at firstname.lastname@example.org
HOW WE PROTECT YOUR DATA
The security and reliability of our service is our number one priority. We invest heavily in the training of our staff and our infrastructure to ensure that best practices are followed in everything that we do.
See wordpress.org/about/security for details on the security of the WordPress core itself.
- Prevention is best when it comes to security, and as a first step, we follow all WordPress Code Standards in the plugins that we build and use.
- In addition, we have an extensive internal review and Quality Assurance process in place specifically to prevent potential security vulnerabilities in our plugins and services.
- Every Boulder Emergency Squad employee and contractor goes through background checks and an onboarding process that includes a trial period where access to customer data is provided only when working directly under the supervision of another staff member.
- All staff only have access to systems that are directly required to complete the functions of their job. We use two-factor authentication for all critical systems and communications services, and automatically log all staff activity using Asana and Google ‘G’ Suite services.
- All staff (including any contractors) undergo initial training to ensure proper understanding of all security-related processes. Staff regularly attend industry conferences and otherwise stay informed of best practices and relevant trends. Staff review and agree, in writing, to all policies and procedures annually.
- We only use third-party services that are fully vetted and adhere to the highest levels of privacy and security practices.
WHAT DATA BREACH PROCEDURES WE HAVE IN PLACE
Should any event occur where customer data has been lost, stolen, or potentially compromised, our policy is to alert our customers via email no later than 48 hours of our team becoming aware of the event. We will also report such incident to any required data protection authority. We will work closely with any customers affected to determine next steps such as any end-user notifications, needed patches, and how to avoid any similar event in the future.